EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ASN.1 Sequences

#7540
Posted: 09/08/2008 07:45:57
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Hi,
How can I get the list of ASN.1 Sequences for use in ExtendedKeyUsage and Object Identifier (OID)?

thanks.
#7541
Posted: 09/08/2008 08:03:23
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

There is no such list with all possible OIDs, because any person can define some of them for his own needs.
However, RFC 2459 defines some of them:
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
where id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }, and
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
#7551
Posted: 09/09/2008 06:44:35
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks,
I read some part of http://tools.ietf.org/html/rfc2459 and found this article:
http://support.microsoft.com/kb/287547

My next related question is:
What happens when I set up the Extensions property and generate a certificate, for example:
...
...
Cert.Extensions.Included := [ceKeyUsage];
Cert.Extensions.KeyUsage := [kuKeyEncipherment, kuKeyAgreement];
...
Cert.Generate(...);

?
#7552
Posted: 09/09/2008 06:58:10
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

In such a case your certificate will contain the KeyUsage extension, allowing only key encipherment and key agreement operations for this certificate. So, you will not normally be allowed to use this certificate for signing and so on.
#7564
Posted: 09/10/2008 00:15:42
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks for your quick reply,
I want to create certificates for special purposes, e.g. for IPSec, Code Signing, Basic EFS or SSL. Which property must I set?

thanks.
#7567
Posted: 09/10/2008 01:37:37
by Eugene Mayevski (EldoS Corp.)

SSL requires key agreement and key encipherment and also ExtKeyUsage properties ServerAuthentication and ClientAuthentication.
Code signing requires ExtKeyUsage property CodeSigning.

Other mentioned uses require setting custom ExtKeyUsage settings (I don't know what is needed for IPSec or EFS).


Sincerely yours
Eugene Mayevski
#7601
Posted: 09/15/2008 06:12:04
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

I generated a certificate with the Include, KeyUsage and ExtendedKeyUsage properties and then saved this certificate in a DER file, for example:

Code
Cert.Included := [ceKeyUsage];
Cert.KeyUsage.KeyAgreement := True;
Cert.KeyUsage.KeyEncipherment := True;
Cert.ExtendedKeyUsage.ServerAuthentication := True;
Cert.ExtendedKeyUsage.ClientAuthentication := True;
...
...
...
Cert.Generate(....);


These attributes are set for an SSL certificate.
How can I see the certificate changes in the DER file?
thanks.
#7602
Posted: 09/15/2008 06:59:26
by Eugene Mayevski (EldoS Corp.)

1) you need to set Included to [ceKeyUsage, ceExtendedKeyUsage]

2) install the certificate to Windows Certificate Storage, then view it using MMC and check the usage fields.


Sincerely yours
Eugene Mayevski
#7605
Posted: 09/15/2008 07:36:04
by Ken Ivanov (EldoS Corp.)

Quote
How can I see the certificate changes in the DER file?

Actually, it is not necessary to install the certificate to the system storage. You can invoke the certificate manager by simply opening a .cer or .csr file from Windows Explorer.
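
To see what the KeyUsage and ExtendedKeyUsage settings discussed in this thread look like at the byte level, the following added example (not part of the original thread, and not EldoS code) decodes the two extension values with a minimal DER reader and maps the OIDs to the id-kp names quoted from RFC 2459 above. The function names are hypothetical, and the sample bytes are constructed values representing the contents of each extension's OCTET STRING; locating the extensions inside a full certificate is not shown.

```python
EKU_NAMES = {f"1.3.6.1.5.5.7.3.{n}": name for n, name in enumerate(  # id-kp.n
    ["serverAuth", "clientAuth", "codeSigning", "emailProtection",
     "ipsecEndSystem", "ipsecTunnel", "ipsecUser", "timeStamping"], start=1)}
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]  # bit 0 first, as in RFC 2459

def read_tlv(buf, pos, want):
    """Return (contents, next_pos) of the DER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for b in body:  # OBJECT IDENTIFIER contents are base-128 encoded arcs
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the current arc
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)  # first two arcs are packed as 40*a + b
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def decode_eku(ext_value):
    """ExtKeyUsageSyntax ::= SEQUENCE OF OBJECT IDENTIFIER (tags 0x30, 0x06)."""
    seq, _ = read_tlv(ext_value, 0, 0x30)
    names, pos = [], 0
    while pos < len(seq):
        body, pos = read_tlv(seq, pos, 0x06)
        oid = decode_oid(body)
        names.append(EKU_NAMES.get(oid, oid))  # unknown OIDs stay dotted
    return names

def decode_key_usage(ext_value):
    """KeyUsage ::= BIT STRING (tag 0x03); content byte 0 counts unused bits."""
    body, _ = read_tlv(ext_value, 0, 0x03)
    bits = body[1:]
    return [name for i, name in enumerate(KU_BITS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]

SAMPLE_KU = bytes.fromhex("03020328")  # constructed: bits 2 and 4 set
SAMPLE_EKU = bytes.fromhex("301406082b0601050507030106082b06010505070302")  # constructed
```

If the ExtendedKeyUsage extension was left out of the Included set when the certificate was generated, there is no such extension value in the DER file to decode.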